MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RiseProStealer


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991
SHA3-384 hash: 999dda2b93769346c3a7502ffbefe9e377fbb9c70b927caf4a39bfda41d63405ecd06ae7e23ca7f94ca5d7ca07b0e266
SHA1 hash: 477860905f1022af0f3e8de77387dda710c2684f
MD5 hash: f8eb66d6875d8b981e04da420fa1edb9
humanhash: pluto-carbon-grey-queen
File name:SecuriteInfo.com.Trojan.Siggen22.34353.15007.2101
Download: download sample
Signature RiseProStealer
Create hunting rule
File size:1'682'047 bytes
First seen:2023-12-16 05:23:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a391c991ba6330d6ddb5beaa15ef064c (303 x RiseProStealer, 7 x RisePro)
ssdeep 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uFnTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
TLSH T19C756C31A741B462F86314B5725E57E611A235302B92C8D7F7C16FAEB2A2BD39334E13
TrID 68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe RiseProStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
274
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467910/
Detection(s):
SecuriteInfo.com.Trojan.Siggen22.34353.15007.2101.UNOFFICIAL
Create hunting rule

Win.Malware.Midie-10016707-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control crypto fingerprint greyware lolbin masquerade overlay setupapi shell32
Link:
https://www.filescan.io/uploads/657d3475f4b6e5e1634b9990/reports/2ca7fbf4-e42c-4b33-bab0-90431a9b5320/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RisePro Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f3d52958-7b6c-42ca-b830-b19f3f70f782
Result
Threat name:
PrivateLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1363250
Signature
Contains functionality to inject threads in other processes
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for submitted file
Yara detected PrivateLoader
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991/
Threat name:
Win32.Trojan.RisePro
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 05:24:08 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=76uvr7qduwcwfqwwwgznhoqwo4zirxv4xmfssfwftzg4j27x5giq._file
Verdict:
malicious
Result
Malware family:
risepro
Create hunting rule
Score:
  10/10
Tags:
family:privateloader family:risepro
Link:
https://tria.ge/reports/231216-f3p44aafaj/
Malware Config
C2 Extraction:
193.233.132.51
Unpacked files
SH256 hash:
ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991
MD5 hash:
f8eb66d6875d8b981e04da420fa1edb9
SHA1 hash:
477860905f1022af0f3e8de77387dda710c2684f
Link:
https://www.unpac.me/results/5db91ece-5da6-4f61-84fa-2da237b51c3f/
Malware family:
PrivateLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ffa958fe03a5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ffa958fe03a58562c2d6b1b2d3ba16773288debcbb0b2916c59e4dc4ebf7e991

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/467910/

Comments